Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2019-11251

    The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified i...

    Affected Products : kubernetes
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-4859

    Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL. ...

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-29432

    Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d....

    Affected Products : sydent
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2016-2116

    Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file....

    Affected Products : ubuntu_linux jasper
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2021-25011

    The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's se...

    Affected Products : wp_google_map
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-24968

    The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Sub...

    Affected Products : ultimate_faq
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-24752

    Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPre...

    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-24703

    The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed....

    Affected Products : download_plugin
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-50157

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2018-1000161

    nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a vict...

    Affected Products : nmap
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-1001

    Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modi...

    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Misconfiguration
  • 5.7

    MEDIUM
    CVE-2018-0414

    A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entitie...

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-9546

    admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name....

    Affected Products : bigtree_cms
    • Published: Jun. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-8969

    An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found....

    Affected Products : insight_control
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-3563

    A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer deref...

    Affected Products : linux_kernel bluez
    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-22711

    Windows BitLocker Information Disclosure Vulnerability...

    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-3426

    There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user t...

    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-28806

    A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428...

    Affected Products : quts_hero qts qutscloud
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-5201

    NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064....

    Affected Products : clustered_data_ontap
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-20101

    A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to init...

    Affected Products : projectsend
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294758 Results